Here's a version. It's not a general diff, but relies on the error log to contain everything to be rejected. There is dependency on both logs having error messages in the same order. That's reasonable, but may not be guaranteed. If more than one server is logging, there would be a problem.

#!/usr/bin/perl -w # $|++; # stdout hot use strict; # avoid d'oh! bugs require 5; # for following modules my $logDir = '/cygdrive/c/Rsync/logs'; my $allLog = "$logDir/200203021258.all"; my $errLog = "$logDir/200203021258.err"; my $fileLog = "$logDir/200203021258.fil"; # open, but don't slurp open ALL, "< $allLog" or die $!; open ERR, "< $errLog" or die $!; open FLE, "> $fileLog" or die $!; while (<ERR>) { { local $/ = $_; my $diffs = <ALL> || "Alert: '$_' from $errLog not found\n"; chomp $diffs; print FLE $diffs; } } print FLE while <ALL>; close FLE or die $!; close ERR or die $!; close ALL or die $!;
We go through the error log one line at a time. For each line, we look forward in the all-log until we find it, by diamond op and $/ magic. We delete the matched error line with chomp and print to the new log extract file. When done with errors, we tack on the rest of the log. Untested, but it should work.

Update: Added a more graceful failure mode if an error line is missing.

